<?php
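// Login handler: authenticates a POSTed username/password against the users
// table, populates the session on success and redirects. The script ends by
// returning $error (null when no error occurred) to the including script.
session_start();

// A visitor who is already signed in has nothing to do here.
// !empty() keeps the original truthiness test without raising an
// "undefined index" notice for anonymous visitors.
if (!empty($_SESSION['username'])) {
    header("location:../news");
    exit;
}
include($_SERVER['DOCUMENT_ROOT'].'/config.php');

// Initialised up front so the final `return $error;` never reads an
// undefined variable on GET requests or on a successful path.
$error = null;

if ($_SERVER["REQUEST_METHOD"] === 'POST') {
    // Accept only plain strings. An array-valued field (e.g. username[]=x)
    // is treated as missing instead of being passed on to string functions.
    $username = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
    $password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

    // Both fields must be at least two bytes long (same rule as before).
    if (strlen($username) > 1 && strlen($password) > 1) {
        $connect = new mysqli(DB_HOST, DB_USER, DB_PASS, DB_NAME);

        // Credentials are bound as parameters rather than concatenated into
        // the SQL text, so quoting no longer depends on manual escaping or on
        // the connection character set.
        // $prefix is presumably defined by config.php (confirm); identifiers
        // cannot be bound, so it must never be derived from request data.
        // NOTE(review): password() is MySQL's PASSWORD() function, which is
        // unsuitable for application credentials and was removed in
        // MySQL 8.0. Migrating the stored hashes to password_hash() /
        // password_verify() needs a data migration and is not done here.
        $stmt = $connect->prepare(
            "SELECT id, admin FROM ".$prefix."users WHERE username = ? AND password = password(?)"
        );

        $numrows = 0;
        $userId  = null;
        $isAdmin = null;

        if ($stmt) {
            $stmt->bind_param('ss', $username, $password);
            $stmt->execute();
            // Buffer the result so num_rows is available; bind_result() avoids
            // depending on mysqlnd's get_result().
            $stmt->store_result();
            $numrows = $stmt->num_rows;
            $stmt->bind_result($userId, $isAdmin);
            $stmt->fetch();
            $stmt->close();
        }
        // Release the connection on every path, not only on success.
        $connect->close();

        // Exactly one matching row is required, as in the original check.
        if ($numrows === 1) {
            // Issue a fresh session id at the privilege boundary so an id
            // that was known before login cannot be reused afterwards
            // (session fixation).
            session_regenerate_id(true);

            $_SESSION['username']    = $username;
            // Kept as a string: the previous unprepared query returned
            // column values as strings by default.
            $_SESSION['userId']      = (string) $userId;
            $_SESSION['adminrights'] = ((string) $isAdmin === '1');

            // Percent-encode both path segments so that characters in the
            // username cannot alter the structure of the redirect target.
            header(
                'location:../../pages/7/community/user/'
                . rawurlencode($_SESSION['userId'])
                . '/'
                . rawurlencode($username)
            );
            exit;
        }

        // Same message for "unknown user" and "wrong password", so the
        // response does not reveal which usernames exist.
        // NOTE(review): no attempt throttling or lockout is visible in this
        // file; confirm it is enforced elsewhere.
        $error = 'incorrect login';
        header("location:../../pages/6/login");
    } else {
        $error = 'Oh my, it seems you forgot something..';
        header("location:../../pages/6/login");
    }
}

// NOTE(review): $error is handed back to the including script, but the
// redirect issued above will discard it unless the includer persists it
// (for example in the session) - confirm against the caller.
return $error;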
?>